Consumers are increasingly adding Internet of Things (IoT) devices like smart baby monitors and web-enabled thermostats to their home networks. Driving these purchasing trends are considerations of greater connectivity, availability, and convenience. Even so, that’s not to say consumers aren’t concerned about the security of their IoT devices.

No one knows that better than Gemalto.

In its report The State of IoT Security, the digital security firm shares its findings from a survey of 10,500 consumers it conducted in 2017. The purpose of the survey was to gauge consumers’ and business decision makers’ thoughts about the current state of the IoT ecosystem. As part of this study, Gemalto asked consumers to weigh in on how security influences the Internet of Things.

Nine in ten of consumers said they’re concerned about IoT security. Half were concerned with four IoT security threats in particular: hackers controlling their devices (65 percent), IoT products leaking sensitive data (60 percent), unauthorized actors accessing information through unprotected smart things (54 percent), and attackers abusing IoT device weaknesses to conduct crime (50 percent). Acknowledging these threats, nine in ten consumers said that there should be IoT security regulations, with nearly three quarters (72 percent) saying the government should play a role in ensuring these safeguards.

In an age where ease of use oftentimes trumps other technological considerations, it’s surprising to see a majority of users concerned about IoT security. That begs the question: what makes IoT different than other technologies in terms of security?

There are two main factors at play. First, there’s a question of data. Eighty-four percent of consumers who participated in Gemalto’s survey said that the amount of data collected by IoT devices makes ensuring their privacy a challenge. Approximately the same proportion of decision makers (81 percent) felt the same.

Second, the Internet of Things is still evolving, a fact which has ninety-three percent of consumers convinced there are challenges associated with IoT security. Nearly half (43%) said a lack of external guidance surrounding product security is a huge obstacle. A lack of clarity over who’s responsible for those challenges also registered on the minds of forty-one percent of consumer respondents.

Jason Hart, CTO of data protection at Gemalto, reflects on these issues:

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence IoT service providers and device manufacturers can fix it themselves. With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

For confidence to take hold, consumers and businesses need knowledge and investment. Both are lacking at this time. On the one hand, while 54% of consumers participating in Gemalto’s study said they own an IoT device, only fourteen percent said they’re extremely knowledgeable about those products’ security. On the other hand, more than half of companies said they use a security-by-design approach (67%) and/or encryption (62%) to secure their devices, but most manufacturers spend just eleven percent of their total IoT budget securing their manufactured smart things.

Hart sees both of these deficiencies as a problem:

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit. Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data.

“‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”